Content-Encoding | gzip |
Content-Security-Policy-Report-Only | default-src 'none'; child-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com; connect-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com; font-src 'self' https: fonts.gstatic.com maxcdn.bootstrapcdn.com https://d1th6arvuxy6s9.cloudfront.net; img-src 'self' https: data: www.google-analytics.com https://d1th6arvuxy6s9.cloudfront.net; script-src 'self' https: www.google-analytics.com www.googletagmanager.com browser-update.org www.fullstory.com 'nonce-b2b38ece-9e32-46a5-9981-47911706115b'; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com https://d1th6arvuxy6s9.cloudfront.net; object-src 'none'; report-uri /report-violation |
Content-Type | text/html; charset=utf-8 |
ETag | W/"b264-xWpVb2xnJmY39U1RotIW2ESP6AE" |
set-cookie | connect.sid=s%3AdwZQUkgpSt0HLOCrG8Vgn4Sgm058m9yV.s6VQz7OnzsPO%2B%2FKigbJIKPD9edn1poiX2dll%2FnqC04A; Path=/; HttpOnly; Secure |
Strict-Transport-Security | max-age=15552000; includeSubDomains |
Vary | Accept-Encoding |
X-Content-Type-Options | nosniff |
X-DNS-Prefetch-Control | off |
X-Download-Options | noopen |
X-Frame-Options | SAMEORIGIN |
X-XSS-Protection | 1; mode=block |
transfer-encoding | chunked |
Connection | keep-alive |